DirSync Error Resolution Part 2 – Duplicate Values

The most common type of DirSync errors generated by the organization in Part 1 were objects with duplicate values. Using some of the error messages sent in the Directory Synchronization error report email, I will examine why these errors occurred and how we fixed them.

Duplicate Proxy Addresses

ehernandez@contosoeast.com

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses smtp:ehernandez@contoso.mail.onmicrosoft.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

 
 

There was an EHernandez in East.Contoso.com and West.Contoso.com. Each domain has separate email address policies, all based on alias, that were updated with the tenant routing address of %m@contoso.mail.onmicrosoft.com during the hybrid configuration. Normally, Exchange and AD will not allow duplicate SMTP addresses. One user will be ehernandez@contoso.mail.onmicrosoft.com and the other will be ehernandez2@contoso.mail.onmicrosoft.com. However, this organization is geographically distributed and normal AD replication lag allows 2 accounts to be created with the same email address before the updates are replicated across the forest.

 

Resolution:

  1. Remove ehernandez@contoso.mail.onmicrosoft.com from ehernandez@contosoeast.com
  2. Re-apply email address policy to user
  3. A new tenant routing address of ehernandez2@contoso.mail.onmicrosoft.com is applied to the account
  4. Dirsync will update the objects at the next synchronization cycle
  5. For accounts that are common across all domains, like Helpdesk, you will have to repeat this process for each account. You will have to wait for or force AD replication before updating the next account or it will try to use Helpdesk2@contoso.mail.onmicrosoft.com and generate a new error.

 

Duplicate User Principal Names

msmith@contoso.onmicrosoft.com

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [UserPrincipalName msmith@contoso.onmicrosoft.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

 
 

User accounts in each domain had their User Principal Name changed to match their Primary SMTP address. This was done just before migration of that domain to Office 365, so there was a transition phase where some domains were changed and others were not. In this case we had MSmith accounts in West.Contoso.com and South.Contoso.com. These UPN suffixes were not defined as accepted domains in Office 365 so both MSmith accounts were assigned the default domain of @contoso.onmicrosoft.com when the accounts were synchronized by Dirsync from the on-premise environment.

 

Resolution:

  1. Change one or both MSmith account UPNs to match their primary SMTP address
  2. Dirsync will update the objects at the next synchronization cycle

 

Duplicate On-Premise and Office 365 Accounts

 
 

DBanner@contoso.onmicrosoft.com

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses smtp:DBanner@contoso.onmicrosoft.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

 
 

This issue was a conflict between two synchronized users and a user created in Office 365 

 


 

David Banner was created directly in Office 365 even though a David Banner existed on-prem and would be synchronized. David, however, had not had his UPN changed to his email address so Office 365 was trying to assign him the DBanner@contoso.onmicrosoft.com UPN during directory synchronization, which conflicted with the primary email address of the cloud account. The Don and David Banner on-premise accounts both had DBanner aliases so both were also given the DBanner@contoso.mail.onmicrosoft.com proxy address.

 
 

Resolution:

  1. Delete DBanner Cloud user. The user was not licensed so it had no mailbox.
  2. On-premise DBanner user will sync later and update the cloud Global Address List
  3. Change UPN of the on-premise DBanner to match his email address
  4. Remove tenant routing address and reapply Email Address Policy to update routing address as dbanner2@contoso.onmicrosoft.com
  5. Dirsync will update the objects at the next synchronization cycle

 

User Principal Name and Email Address Conflict

 

NewGuy@ContosoMW.com

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses smtp:OldGuy@ContosoMW.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

 
 

Both SMTP Addresses and UPN must be unique. This domain had a policy where a departed employee’s email address would be given to their replacement or supervisor as an extra proxy address. The departed users were already migrated to Office 365 so their UPNs had been changed to match their email address. In this case, the UPN of one account was conflicting with an SMTP address of another account.

 

Resolution:

  1. OldGuy had his primary SMTP address changed to GONEOldGuy@contosoMW.com
  2. Change OldGuy’s UPN to match his new GONE email address
  3. Dirsync will update the objects at the next synchronization cycle

 

In Part 3, I will examine the next class of DirSync errors, Invalid User Principal Names.


 

Leave a Reply

x

We use cookies to ensure the best possible experience on our website. Detailed information on the use of cookies on this site is provided in our Privacy and Cookie Policy. Further instruction on how to disable our cookies can be found there.